using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
namespace BLL
{
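public static class SqlToNull
{
    /// <summary>
    /// Pattern table shared by <see cref="CheckBadWord"/> and <see cref="Filter"/>.
    /// Entries are regular expressions (note the escaped parentheses), matched
    /// case-insensitively anywhere in the input, so "or" also hits "world" and
    /// "and" also hits "Andrew": ordinary text is altered, not only SQL.
    /// None of the helpers in this class is a substitute for parameterized queries.
    /// </summary>
    private static readonly string[] BadWordPatterns =
    {
        "select", "insert ", "delete", "from", "count\\(", "drop table", "update",
        "truncate", "asc\\(", "mid\\(", "char\\(", "xp_cmdshell", "exec master",
        "netlocalgroup administrators", "net use ", "or", "and"
    };

    /// <summary>
    /// <see cref="BadWordPatterns"/> compiled once, in table order, instead of
    /// re-parsing every pattern on every call.
    /// </summary>
    private static readonly Regex[] BadWordRegexes =
        BadWordPatterns.Select( p => new Regex( p, RegexOptions.IgnoreCase ) ).ToArray();

    /// <summary>
    /// Removes a few quote characters and SQL keywords from <paramref name="Str"/>
    /// by literal, case-sensitive replacement.
    /// </summary>
    /// <param name="Str">Input text; <c>null</c> is treated as empty.</param>
    /// <returns>The text with the listed substrings removed, or an empty string for <c>null</c>.</returns>
    public static string FilteSQLStr( string Str )
    {
        // Previously a null argument threw NullReferenceException on the first Replace.
        if( Str == null )
        {
            return string.Empty;
        }
        Str = Str.Replace( " ' ", "" );
        Str = Str.Replace( "\" ", "" );
        // The next three lines replace each substring with itself and so have no
        // effect as written; presumably full-width forms were intended -- confirm.
        Str = Str.Replace( " & ", " & " );
        Str = Str.Replace( " < ", " < " );
        Str = Str.Replace( " > ", " > " );
        // Keyword removal is case-sensitive and only matches together with the surrounding spaces.
        Str = Str.Replace( " delete ", "" );
        Str = Str.Replace( " update ", "" );
        Str = Str.Replace( " insert ", "" );
        return Str;
    }

    /// <summary>
    /// Neutralises a handful of injection idioms in <paramref name="source"/> by
    /// literal replacement: doubles single quotes, removes Exec/Execute and breaks
    /// up the xp_/sp_ prefixes and 0x so they no longer read as keywords.
    /// Replacement is case-sensitive (the original author's note already says a
    /// regex would be needed to cover case differences).
    /// </summary>
    /// <param name="source">Input text; <c>null</c> is treated as empty.</param>
    /// <returns>The rewritten text.</returns>
    public static string SqlFilter( string source )
    {
        if( source == null )
        {
            return string.Empty;
        }
        // Single quote -> two single quotes.
        source = source.Replace( " ' ", " '' " );
        // Semicolon and parentheses: as written these replace the text with itself
        // (no effect); the original comments say full-width forms were meant -- confirm.
        source = source.Replace( " ; ", " ; " );
        source = source.Replace( " ( ", " ( " );
        source = source.Replace( " ) ", " ) " );
        // Remove the stored-procedure execution keywords (exact case only).
        source = source.Replace( " Exec ", "" );
        source = source.Replace( " Execute ", "" );
        // Split system / extended stored-procedure prefixes.
        source = source.Replace( " xp_ ", " x p_ " );
        source = source.Replace( " sp_ ", " s p_ " );
        // Split hexadecimal literals.
        source = source.Replace( " 0x ", " 0 x " );
        return source;
    }

    /// <summary>
    /// Replaces SQL-significant punctuation in <paramref name="str"/> with
    /// look-alike characters (single quote -> left single quotation mark,
    /// dollar sign -> yen sign).
    /// </summary>
    /// <param name="str">Input text; <c>null</c> or empty yields an empty string.</param>
    /// <returns>The rewritten text.</returns>
    public static string ReplaceSQLChar( string str )
    {
        // The original tested only for String.Empty and dereferenced null.
        if( string.IsNullOrEmpty( str ) )
        {
            return string.Empty;
        }
        str = str.Replace( " ' ", " ‘ " );
        // The following replacements substitute each character with itself as
        // written (no effect); full-width equivalents were presumably intended -- confirm.
        str = str.Replace( " ; ", " ; " );
        str = str.Replace( " , ", " , " );
        str = str.Replace( " ? ", " ? " );
        str = str.Replace( " < ", " < " );
        str = str.Replace( " > ", " > " );
        str = str.Replace( " ( ", " ( " );
        str = str.Replace( " ) ", " ) " );
        str = str.Replace( " @ ", " @ " );
        str = str.Replace( " = ", " = " );
        str = str.Replace( " + ", " + " );
        str = str.Replace( " * ", " * " );
        str = str.Replace( " & ", " & " );
        str = str.Replace( " # ", " # " );
        str = str.Replace( " % ", " % " );
        str = str.Replace( " $ ", " ¥ " );
        return str;
    }

    /// <summary>
    /// Strips script blocks, tags, comments and a few entities from
    /// <paramref name="Htmlstring"/>, then deletes a list of SQL / shell keywords
    /// and punctuation. Every step is a global, case-insensitive replacement
    /// applied in the order below; order matters because later steps see the
    /// output of earlier ones (for example "delete from" runs before "delete").
    /// </summary>
    /// <param name="Htmlstring">Source text; <c>null</c> yields an empty string.</param>
    /// <returns>The stripped text.</returns>
    /// <remarks>
    /// Left as-is, to be confirmed with the author: the patterns use "/r", "/n",
    /// "/s" and "/d" (forward slash), so "[/r/n]" is a character class of '/', 'r'
    /// and 'n' rather than a line break; the script regex has no Singleline option,
    /// so ".*?" does not cross line breaks; and the "/xa1"-style replacement text is
    /// inserted literally.
    /// </remarks>
    public static string NoHtml( string Htmlstring )
    {
        if( Htmlstring == null )
        {
            return "";
        }
        // Remove scripts.
        Htmlstring = Regex.Replace( Htmlstring, @" <script[^>]*?>.*?</script> ", "", RegexOptions.IgnoreCase );
        // Remove HTML tags, line breaks, comments and entities.
        Htmlstring = Regex.Replace( Htmlstring, @" <(.[^>]*)> ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" ([/r/n])[/s]+ ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" --> ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" <!--.* ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(quot|#34); ", " \" ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(amp|#38); ", " & ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(lt|#60); ", " < ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(gt|#62); ", " > ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(nbsp|#160); ", " ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(iexcl|#161); ", " /xa1 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(cent|#162); ", " /xa2 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(pound|#163); ", " /xa3 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(copy|#169); ", " /xa9 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &#(/d+); ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " xp_cmdshell ", "", RegexOptions.IgnoreCase );
        // Remove database-related words. "xp_cmdshell" is applied a second time
        // below because earlier deletions can join fragments into a new match.
        Htmlstring = Regex.Replace( Htmlstring, " select ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " insert ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " delete from ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " count'' ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " drop table ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " truncate ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " asc ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " mid ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " char ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " xp_cmdshell ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " exec master ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net localgroup administrators ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " and ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net user ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " or ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " - ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " delete ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " drop ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " script ", "", RegexOptions.IgnoreCase );
        // Special characters (literal, case-sensitive replacement).
        Htmlstring = Htmlstring.Replace( " < ", "" );
        Htmlstring = Htmlstring.Replace( " > ", "" );
        Htmlstring = Htmlstring.Replace( " * ", "" );
        Htmlstring = Htmlstring.Replace( " - ", "" );
        Htmlstring = Htmlstring.Replace( " ? ", "" );
        Htmlstring = Htmlstring.Replace( " ' ", " '' " );
        Htmlstring = Htmlstring.Replace( " , ", "" );
        Htmlstring = Htmlstring.Replace( " / ", "" );
        Htmlstring = Htmlstring.Replace( " ; ", "" );
        Htmlstring = Htmlstring.Replace( " */ ", "" );
        Htmlstring = Htmlstring.Replace( " /r/n ", "" );
        return Htmlstring;
    }

    /// <summary>
    /// Reports whether <paramref name="str"/> contains any entry of
    /// <see cref="BadWordPatterns"/> (case-insensitive, anywhere in the text).
    /// </summary>
    /// <param name="str">Text to inspect; <c>null</c> or empty never matches.</param>
    /// <returns><c>true</c> if at least one pattern matches.</returns>
    public static bool CheckBadWord( string str )
    {
        if( string.IsNullOrEmpty( str ) )
        {
            return false;
        }
        return BadWordRegexes.Any( r => r.IsMatch( str ) );
    }

    /// <summary>
    /// Removes every occurrence of each <see cref="BadWordPatterns"/> entry from
    /// <paramref name="str"/>, in table order, using the same case-insensitive
    /// regex matching as <see cref="CheckBadWord"/>.
    /// Previously this used <c>String.Replace</c> with the regex source text, so it
    /// was case-sensitive and escaped entries such as <c>count\(</c> never matched.
    /// </summary>
    /// <param name="str">Text to rewrite; <c>null</c> yields an empty string.</param>
    /// <returns>The text with all matches removed (possibly empty).</returns>
    public static string Filter( string str )
    {
        if( str == null )
        {
            return string.Empty;
        }
        foreach( Regex bad in BadWordRegexes )
        {
            str = bad.Replace( str, "" );
        }
        return str;
    }
}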
}
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
namespace BLL
{
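public static class SqlToNull
{
    /// <summary>
    /// Pattern table shared by <see cref="CheckBadWord"/> and <see cref="Filter"/>.
    /// Entries are regular expressions (note the escaped parentheses), matched
    /// case-insensitively anywhere in the input, so "or" also hits "world" and
    /// "and" also hits "Andrew": ordinary text is altered, not only SQL.
    /// None of the helpers in this class is a substitute for parameterized queries.
    /// </summary>
    private static readonly string[] BadWordPatterns =
    {
        "select", "insert ", "delete", "from", "count\\(", "drop table", "update",
        "truncate", "asc\\(", "mid\\(", "char\\(", "xp_cmdshell", "exec master",
        "netlocalgroup administrators", "net use ", "or", "and"
    };

    /// <summary>
    /// <see cref="BadWordPatterns"/> compiled once, in table order, instead of
    /// re-parsing every pattern on every call.
    /// </summary>
    private static readonly Regex[] BadWordRegexes =
        BadWordPatterns.Select( p => new Regex( p, RegexOptions.IgnoreCase ) ).ToArray();

    /// <summary>
    /// Removes a few quote characters and SQL keywords from <paramref name="Str"/>
    /// by literal, case-sensitive replacement.
    /// </summary>
    /// <param name="Str">Input text; <c>null</c> is treated as empty.</param>
    /// <returns>The text with the listed substrings removed, or an empty string for <c>null</c>.</returns>
    public static string FilteSQLStr( string Str )
    {
        // Previously a null argument threw NullReferenceException on the first Replace.
        if( Str == null )
        {
            return string.Empty;
        }
        Str = Str.Replace( " ' ", "" );
        Str = Str.Replace( "\" ", "" );
        // The next three lines replace each substring with itself and so have no
        // effect as written; presumably full-width forms were intended -- confirm.
        Str = Str.Replace( " & ", " & " );
        Str = Str.Replace( " < ", " < " );
        Str = Str.Replace( " > ", " > " );
        // Keyword removal is case-sensitive and only matches together with the surrounding spaces.
        Str = Str.Replace( " delete ", "" );
        Str = Str.Replace( " update ", "" );
        Str = Str.Replace( " insert ", "" );
        return Str;
    }

    /// <summary>
    /// Neutralises a handful of injection idioms in <paramref name="source"/> by
    /// literal replacement: doubles single quotes, removes Exec/Execute and breaks
    /// up the xp_/sp_ prefixes and 0x so they no longer read as keywords.
    /// Replacement is case-sensitive (the original author's note already says a
    /// regex would be needed to cover case differences).
    /// </summary>
    /// <param name="source">Input text; <c>null</c> is treated as empty.</param>
    /// <returns>The rewritten text.</returns>
    public static string SqlFilter( string source )
    {
        if( source == null )
        {
            return string.Empty;
        }
        // Single quote -> two single quotes.
        source = source.Replace( " ' ", " '' " );
        // Semicolon and parentheses: as written these replace the text with itself
        // (no effect); the original comments say full-width forms were meant -- confirm.
        source = source.Replace( " ; ", " ; " );
        source = source.Replace( " ( ", " ( " );
        source = source.Replace( " ) ", " ) " );
        // Remove the stored-procedure execution keywords (exact case only).
        source = source.Replace( " Exec ", "" );
        source = source.Replace( " Execute ", "" );
        // Split system / extended stored-procedure prefixes.
        source = source.Replace( " xp_ ", " x p_ " );
        source = source.Replace( " sp_ ", " s p_ " );
        // Split hexadecimal literals.
        source = source.Replace( " 0x ", " 0 x " );
        return source;
    }

    /// <summary>
    /// Replaces SQL-significant punctuation in <paramref name="str"/> with
    /// look-alike characters (single quote -> left single quotation mark,
    /// dollar sign -> yen sign).
    /// </summary>
    /// <param name="str">Input text; <c>null</c> or empty yields an empty string.</param>
    /// <returns>The rewritten text.</returns>
    public static string ReplaceSQLChar( string str )
    {
        // The original tested only for String.Empty and dereferenced null.
        if( string.IsNullOrEmpty( str ) )
        {
            return string.Empty;
        }
        str = str.Replace( " ' ", " ‘ " );
        // The following replacements substitute each character with itself as
        // written (no effect); full-width equivalents were presumably intended -- confirm.
        str = str.Replace( " ; ", " ; " );
        str = str.Replace( " , ", " , " );
        str = str.Replace( " ? ", " ? " );
        str = str.Replace( " < ", " < " );
        str = str.Replace( " > ", " > " );
        str = str.Replace( " ( ", " ( " );
        str = str.Replace( " ) ", " ) " );
        str = str.Replace( " @ ", " @ " );
        str = str.Replace( " = ", " = " );
        str = str.Replace( " + ", " + " );
        str = str.Replace( " * ", " * " );
        str = str.Replace( " & ", " & " );
        str = str.Replace( " # ", " # " );
        str = str.Replace( " % ", " % " );
        str = str.Replace( " $ ", " ¥ " );
        return str;
    }

    /// <summary>
    /// Strips script blocks, tags, comments and a few entities from
    /// <paramref name="Htmlstring"/>, then deletes a list of SQL / shell keywords
    /// and punctuation. Every step is a global, case-insensitive replacement
    /// applied in the order below; order matters because later steps see the
    /// output of earlier ones (for example "delete from" runs before "delete").
    /// </summary>
    /// <param name="Htmlstring">Source text; <c>null</c> yields an empty string.</param>
    /// <returns>The stripped text.</returns>
    /// <remarks>
    /// Left as-is, to be confirmed with the author: the patterns use "/r", "/n",
    /// "/s" and "/d" (forward slash), so "[/r/n]" is a character class of '/', 'r'
    /// and 'n' rather than a line break; the script regex has no Singleline option,
    /// so ".*?" does not cross line breaks; and the "/xa1"-style replacement text is
    /// inserted literally.
    /// </remarks>
    public static string NoHtml( string Htmlstring )
    {
        if( Htmlstring == null )
        {
            return "";
        }
        // Remove scripts.
        Htmlstring = Regex.Replace( Htmlstring, @" <script[^>]*?>.*?</script> ", "", RegexOptions.IgnoreCase );
        // Remove HTML tags, line breaks, comments and entities.
        Htmlstring = Regex.Replace( Htmlstring, @" <(.[^>]*)> ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" ([/r/n])[/s]+ ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" --> ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" <!--.* ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(quot|#34); ", " \" ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(amp|#38); ", " & ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(lt|#60); ", " < ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(gt|#62); ", " > ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(nbsp|#160); ", " ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(iexcl|#161); ", " /xa1 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(cent|#162); ", " /xa2 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(pound|#163); ", " /xa3 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &(copy|#169); ", " /xa9 ", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, @" &#(/d+); ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " xp_cmdshell ", "", RegexOptions.IgnoreCase );
        // Remove database-related words. "xp_cmdshell" is applied a second time
        // below because earlier deletions can join fragments into a new match.
        Htmlstring = Regex.Replace( Htmlstring, " select ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " insert ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " delete from ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " count'' ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " drop table ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " truncate ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " asc ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " mid ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " char ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " xp_cmdshell ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " exec master ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net localgroup administrators ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " and ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net user ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " or ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " net ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " - ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " delete ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " drop ", "", RegexOptions.IgnoreCase );
        Htmlstring = Regex.Replace( Htmlstring, " script ", "", RegexOptions.IgnoreCase );
        // Special characters (literal, case-sensitive replacement).
        Htmlstring = Htmlstring.Replace( " < ", "" );
        Htmlstring = Htmlstring.Replace( " > ", "" );
        Htmlstring = Htmlstring.Replace( " * ", "" );
        Htmlstring = Htmlstring.Replace( " - ", "" );
        Htmlstring = Htmlstring.Replace( " ? ", "" );
        Htmlstring = Htmlstring.Replace( " ' ", " '' " );
        Htmlstring = Htmlstring.Replace( " , ", "" );
        Htmlstring = Htmlstring.Replace( " / ", "" );
        Htmlstring = Htmlstring.Replace( " ; ", "" );
        Htmlstring = Htmlstring.Replace( " */ ", "" );
        Htmlstring = Htmlstring.Replace( " /r/n ", "" );
        return Htmlstring;
    }

    /// <summary>
    /// Reports whether <paramref name="str"/> contains any entry of
    /// <see cref="BadWordPatterns"/> (case-insensitive, anywhere in the text).
    /// </summary>
    /// <param name="str">Text to inspect; <c>null</c> or empty never matches.</param>
    /// <returns><c>true</c> if at least one pattern matches.</returns>
    public static bool CheckBadWord( string str )
    {
        if( string.IsNullOrEmpty( str ) )
        {
            return false;
        }
        return BadWordRegexes.Any( r => r.IsMatch( str ) );
    }

    /// <summary>
    /// Removes every occurrence of each <see cref="BadWordPatterns"/> entry from
    /// <paramref name="str"/>, in table order, using the same case-insensitive
    /// regex matching as <see cref="CheckBadWord"/>.
    /// Previously this used <c>String.Replace</c> with the regex source text, so it
    /// was case-sensitive and escaped entries such as <c>count\(</c> never matched.
    /// </summary>
    /// <param name="str">Text to rewrite; <c>null</c> yields an empty string.</param>
    /// <returns>The text with all matches removed (possibly empty).</returns>
    public static string Filter( string str )
    {
        if( str == null )
        {
            return string.Empty;
        }
        foreach( Regex bad in BadWordRegexes )
        {
            str = bad.Replace( str, "" );
        }
        return str;
    }
}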
}